Forum Discussion

Cirrostratus

Jul 08, 2014

SAML SSO - NotBefore Tag?

We're seeing an issue with one of our external SAML SSO SP partners where they require strict adherence to the "NotBefore" attribute in the assertion that's being sent by our IdP. This value app...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Jul 09, 2014

UTC time sources are indeed abundant, yet certainly there should always be allowances for variation - this could be an issue even if there is drift in the milliseconds.

It looks like this was fixed in 11.4.1 HF4:

http://support.f5.com/kb/en-us/solutions/public/14000/800/sol14835.html

ID 433243 : BIG-IP IdP subtracts three minutes from assertion's NotBefore timestamp to accomodate SPs whose clocks may be behind.

I appreciate the responses.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SAML SSO - NotBefore Tag?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

SSL Bridging and FQDN rewrite Policy

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

F5 BIG IP laboratory license

Related Content

Google Tag Manager

SAML - LTM in front of SP

Enable SAML Service Provider on F5 Distributed Cloud Application

SAML F5 SP - Microsoft Entra

APM Cookbook: SAML IdP Chaining

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS